You can also use request parameters to send the session id with. I am working on the same issue and I did the authentication now but have not tested to grab the session yet neither by cookies nor by request parameters. Will do this today (hopefully) and keep you informed.

Adobe AIR has full support for setting and getting cookies from
HTML-based content in remote sandboxes (content loaded
from http:// and https:// sources) that is bound to a specific
domain. Content loaded from the installed directory of the ap-
plication (referenced via app:/ scheme) cannot use cookies (the
document.cookie property).
Cookie support is implemented via the operating system’s net-
working stack. This means that AIR applications can share
cookies set by any browser or application that also leverage the
operating system stack.

You can also use request parameters to send the session id with. I am working on the same issue and I did the authentication now but have not tested to grab the session yet neither by cookies nor by request parameters. Will do this today (hopefully) and keep you informed.